
Sereal::Decoder versions from 4.000 through 4.009_002 for Perl are vulnerable to a buffer overwrite flaw in the Zstandard library.

Sereal::Decoder embeds a vers…

Published:

30 March 2026 at 22:00:00

Alert date:

31 March 2026 at 17:08:47

Source:

nvd.nist.gov


Supply Chain & Dependencies, Web Technologies

Sereal::Decoder versions 4.000 through 4.009_002 for Perl contain a buffer overwrite vulnerability in an embedded Zstandard library component. The vulnerability stems from CVE-2019-11922, a race condition in Zstandard's one-pass compression functions prior to version 1.3.8. Attackers can exploit this flaw to write bytes out of bounds when an output buffer smaller than the recommended size is used. The vulnerability affects the popular Perl serialization library and could lead to memory corruption attacks.

Affected products:

Sereal::Decoder
Zstandard library
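
To triage exposure against the affected range above, the following added example (not code from this advisory, Perceptive, or the Sereal project) classifies Sereal::Decoder versions from a module inventory. The `host module version` line format, the host names and the sample versions are constructed, and the comparison assumes Perl's decimal-version rule that an underscore only marks a developer release and is ignored when ordering.

```python
import re
from decimal import Decimal

# Affected range as stated in the advisory text (inclusive on both ends).
AFFECTED_MIN, AFFECTED_MAX = "4.000", "4.009_002"
MODULE = "Sereal::Decoder"

# Perl decimal version such as 4.009 or 4.009_002. Dotted forms (v4.9.2) are
# rejected on purpose because they order differently from decimal versions.
_DECIMAL_VERSION = re.compile(r"\d+(?:\.\d+(?:_\d+)*)?")


def parse_version(text):
    """Return a Decimal for a Perl decimal version, ignoring '_' separators."""
    text = text.strip()
    if not _DECIMAL_VERSION.fullmatch(text):
        raise ValueError(f"not a Perl decimal version: {text!r}")
    return Decimal(text.replace("_", ""))


def is_affected(version_text):
    """True when the version lies inside the advisory's affected range."""
    low, high = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    return low <= parse_version(version_text) <= high


def audit(inventory):
    """Classify each 'host module version' line that names Sereal::Decoder."""
    findings = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] != MODULE:
            continue
        host, _, version = fields
        try:
            status = "AFFECTED" if is_affected(version) else "not in range"
        except ValueError:
            status = "REVIEW"  # unparseable: surface it instead of skipping it
        findings.append((host, version, status))
    return findings


# Constructed sample inventory (hypothetical hosts, format and versions).
SAMPLE_INVENTORY = """\
app-01 Sereal::Decoder 4.009_002
app-02 Sereal::Decoder 4.010
app-03 Sereal::Encoder 4.005
app-04 Sereal::Decoder 3.015
app-05 Sereal::Decoder v4.7.0
"""

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host}\t{version}\t{status}")
```

Versions that do not parse as decimal versions are reported as `REVIEW` so that an unusual version string cannot hide an affected host.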

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website shows information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
